Who Does the DMCA Really Protect?

Kirch asks: " Company XYZ Encryption Technologies creates an encryption package (read anti-piracy) that will encrypt your data (read IP) for you and can only be read through licenced decrypted produced by XYZ. Now, the encryption used is very, very weak. It 'encrypts' by offsetting every bit by one and then 'decrypts' by offsetting every bit again by one. Or yet even better 'encrypts' everything by the Pig Latin method. Now the encryption is kept secret by XYZ. Users use this assuming they are protected by the encryption technology touted by XYZ. A semi smart user looks at the encrypted data and says 'Oh Look it's Pig Latin!' The user posts this on forums, makes a Web page exposing XYZ for using Pig Latin and writes a DePigLatin program. Who is liable here? The company, for producing a product with weak encryption, or the user for posting the DePigLatin program?" Sound familiar? It should, but not necessarily for the reason you expect.

ESRI makes a product called ArcView. Arcview has a feature that allows developers to customize it with Avenue. Developers can also encrypt their scripts so they can sell them to users. Dr. William Huber found out a way to decrypt the "encrypted" scripts using the Avenue scripting language. You'll find his findings here. It seems that he stumbled upon this a year ago. Again, who's at fault? ESRI or Dr. Huber? You'll notice he hasn't actually given out the code but does give out a few hints to those who know Avenue.

My limited understanding of the DMCA is that it is a crime to circumvent anti-piracy measures built into most commercial software. This would make the user a criminal for circumventing an anti-piracy measure. There is no provision saying, well if it's weak, then it's OK. So, according to the DMCA, was circumventing the XYZ Pig Latin Encryption technology a crime?"

The similarities to DeCSS should probably come as no surprise to you all at this point. What is a consumer to do when the very laws that are designed to ultimately protect us (as the software publishers keep saying) can be used as a bludgeon to silence the act of discovering what can and should be considered design flaws? Sure the DMCA protects someone, but the answer most assuredly isn't 'us' in any way shape or form.Of course, that last bit shouldn't come as any surprise to you, either.

Update: 07/13 12:43 AM by C :Some information for those of you who are still looking for ammunition against the DMCA: here's a lengthy paper from Pamela Samuelson, a professor at UC Berkeley, and another article from Openlaw . Finally, this bit from Michael Sims: "Sachems, grandmothers, and hackers of all ages have obtained a New York City Official Media Event Permit to peacefully assemble for the redress of wrongs:

Monday 17 July 2000
10:30 am to 5:00 pm
Court Yard of the Federal Court
500 Pearl Street"
(Manhattan, New York City, obviously)

Also, Martin Garbus (the famous lawyer who's representing the DVD defense) will be speaking at H2K, the hacker's conference this weekend. More precisely, he's speaking this Friday at 3PM at the Hotel Pennsylvania (you can go to Hope.Net for more info)."